Support bring your own (sassoftware#128)

Author: NormJohnIV

.dockerignore

@@ -3,4 +3,4 @@ docs/
 *.txt
 terraform.tfstate*
 examples/
-
+.terraform/

docs/CONFIG-VARS.md

@@ -9,6 +9,8 @@ Supported configuration variables are listed in the table below.  All variables
   - [Required Variables](#required-variables)
     - [Azure Authentication](#azure-authentication)
   - [Admin Access](#admin-access)
+  - [Networking](#networking)
+    - [Use Existing](#use-existing)
   - [General](#general)
   - [Nodepools](#nodepools)
     - [Default Nodepool](#default-nodepool)
@@ -68,6 +70,69 @@ You can use `default_public_access_cidrs` to set a default range for all created
 | postgres_access_cidrs | IP Ranges allowed to access the Azure PostgreSQL Server | list of strings |||
 | acr_access_cidrs | IP Ranges allowed to access the ACR instance | list of strings |||
 
+## Networking
+| Name | Description | Type | Default | Notes |
+| :--- | ---: | ---: | ---: | ---: |
+| vnet_address_space | Address space for created vnet | string | "192.168.0.0/16" | This variable is ignored when vnet_name is set (aka bring your own vnet) |
+| subnets | Subnets to be created and their settings | map(object) | *check below* | This variable is ignored when subnet_names is set (aka bring your own subnets). All defined subnets must exist within the vnet address space. |
+
+The default values for the subnets variable are:
+
+```yaml
+{
+  aks = {
+    "prefixes": ["192.168.0.0/23"],
+    "service_endpoints": ["Microsoft.Sql"],
+    "enforce_private_link_endpoint_network_policies": false,
+    "enforce_private_link_service_network_policies": false,
+    "service_delegations": {},
+  }
+  misc = {
+    "prefixes": ["192.168.2.0/24"],
+    "service_endpoints": ["Microsoft.Sql"],
+    "enforce_private_link_endpoint_network_policies": false,
+    "enforce_private_link_service_network_policies": false,
+    "service_delegations": {},
+  }
+  ## If using ha storage then the following is also added
+  netapp = {
+    "prefixes": ["192.168.3.0/24"],
+    "service_endpoints": [],
+    "enforce_private_link_endpoint_network_policies": false,
+    "enforce_private_link_service_network_policies": false,
+    "service_delegations": {
+      netapp = {
+        "name"    : "Microsoft.Netapp/volumes"
+        "actions" : ["Microsoft.Network/networkinterfaces/*", "Microsoft.Network/virtualNetworks/subnets/join/action"]
+      }
+    }
+  }
+}
+```
+
+### Use Exisiting
+When desiring to deploy into exising resource group, vnet, subnets, or network security group the varaiables below can be used to define the exsting resources
+
+| Name | Description | Type | Default | Notes |
+| :--- | ---: | ---: | ---: | ---: |
+| resource_group_name | Name of pre-existing resource group | string | null | Only required if deploying into existing resource group|
+| vnet_name | Name of pre-existing vnet | string | null | Only required if deploying into existing vnet |
+| nsg_name | Name of pre-existing network security group | string | null | Only required if deploying into existing nsg |
+| subnet_names | Existing subnets mapped to desired usage | map(string) | null | Only required if deploying into existing subnets. See example below |
+
+Example subnet_names variable:
+
+```yaml
+subnet_names = {
+  ## Required subnets
+  'aks': '<my_aks_subnet_name>', 
+  'misc': '<my_misc_subnet_name>',
+
+  ## If using ha storage then the following is also required
+  'netapp': '<my_netapp_subnet_name>'
+}
+```
+
 ## General
 
 Ubuntu 18.04 LTS is the operating system used on the Jump/NFS servers. Ubuntu creates the `/mnt` location as an ephemeral drive and cannot be used as the root location of the `jump_rwx_filestore_path` variable.

examples/sample-input-byo.tfvars

@@ -0,0 +1,124 @@
+# !NOTE! - These are only a subset of variables.tf provided for sample.
+# Customize this file to add any variables from 'variables.tf' that you want
+# to change their default values.
+
+# ****************  REQUIRED VARIABLES  ****************
+# These required variables' values MUST be provided by the User
+prefix         = "<prefix-value>"
+location       = "<azure-location-value>" # e.g., "eastus2"
+ssh_public_key = "~/.ssh/id_rsa.pub"
+# ****************  REQUIRED VARIABLES  ****************
+
+# Bring your own existing resources
+resource_group_name = "<existing-resource-group-name>" # only needed if using pre-existing
+vnet_name           = "<existing-vnet-name>"           # only needed if using pre-existing
+nsg_name            = "<existing-nsg-name>"            # only needed if using pre-existing
+subnet_names        = {
+  "aks": "<existing-subnet-name-1>", 
+  "misc": "<existing-subnet-name-2>", 
+  "netapp": "<existing-subnet-name-3>" # only needed if using ha storage (aka netapp)
+}
+
+# !NOTE! - Without specifying your CIDR block access rules, ingress traffic
+#          to your cluster will be blocked by default.
+
+# **************  RECOMMENDED  VARIABLES  ***************
+default_public_access_cidrs = [] # e.g., ["123.45.6.89/32"]
+# **************  RECOMMENDED  VARIABLES  ***************
+
+# Tags for all taggable items in your cluster.
+tags = {} # e.g., { "key1" = "value1", "key2" = "value2" }
+
+# Azure Postgres config
+create_postgres                  = true # set this to "false" when using internal Crunchy Postgres
+postgres_ssl_enforcement_enabled = false
+postgres_administrator_password  = "mySup3rS3cretPassw0rd"
+
+# Azure Container Registry config
+create_container_registry           = false
+container_registry_sku              = "Standard"
+container_registry_admin_enabled    = false
+container_registry_geo_replica_locs = null
+
+# AKS config
+kubernetes_version         = "1.18.14"
+default_nodepool_min_nodes = 2
+default_nodepool_vm_type   = "Standard_D8s_v4"
+
+# AKS Node Pools config
+node_pools = {
+  cas = {
+    "machine_type" = "Standard_E16s_v3"
+    "os_disk_size" = 200
+    "min_nodes"    = 1
+    "max_nodes"    = 1
+    "max_pods"     = 110
+    "node_taints"  = ["workload.sas.com/class=cas:NoSchedule"]
+    "node_labels" = {
+      "workload.sas.com/class" = "cas"
+    }
+  },
+  compute = {
+    "machine_type" = "Standard_E16s_v3"
+    "os_disk_size" = 200
+    "min_nodes"    = 1
+    "max_nodes"    = 1
+    "max_pods"     = 110
+    "node_taints"  = ["workload.sas.com/class=compute:NoSchedule"]
+    "node_labels" = {
+      "workload.sas.com/class"        = "compute"
+      "launcher.sas.com/prepullImage" = "sas-programming-environment"
+    }
+  },
+  connect = {
+    "machine_type" = "Standard_E16s_v3"
+    "os_disk_size" = 200
+    "min_nodes"    = 1
+    "max_nodes"    = 1
+    "max_pods"     = 110
+    "node_taints"  = ["workload.sas.com/class=connect:NoSchedule"]
+    "node_labels" = {
+      "workload.sas.com/class"        = "connect"
+      "launcher.sas.com/prepullImage" = "sas-programming-environment"
+    }
+  },
+  stateless = {
+    "machine_type" = "Standard_D16s_v3"
+    "os_disk_size" = 200
+    "min_nodes"    = 1
+    "max_nodes"    = 2
+    "max_pods"     = 110
+    "node_taints"  = ["workload.sas.com/class=stateless:NoSchedule"]
+    "node_labels" = {
+      "workload.sas.com/class" = "stateless"
+    }
+  },
+  stateful = {
+    "machine_type" = "Standard_D8s_v3"
+    "os_disk_size" = 200
+    "min_nodes"    = 1
+    "max_nodes"    = 3
+    "max_pods"     = 110
+    "node_taints"  = ["workload.sas.com/class=stateful:NoSchedule"]
+    "node_labels" = {
+      "workload.sas.com/class" = "stateful"
+    }
+  }
+}
+
+# Jump Box
+create_jump_public_ip = true
+jump_vm_admin        = "jumpuser"
+jump_vm_machine_type = "Standard_B2s"
+
+# Storage for SAS Viya CAS/Compute
+storage_type = "standard"
+# required ONLY when storage_type is "standard" to create NFS Server VM
+create_nfs_public_ip = false
+nfs_vm_admin         = "nfsuser"
+nfs_vm_machine_type  = "Standard_D8s_v4"
+nfs_raid_disk_size   = 128
+nfs_raid_disk_type   = "Standard_LRS"
+
+# Azure Monitor
+create_aks_azure_monitor = false